Install a bootstrap and return to application... how?

[psp.padawan]

The patch stays in memory if you use loadmodule. It gets destroyed if you use loadexec. Thats why I used sceKernelLoadModuleForLoadExecVSHMs2 to load the homebrew.

[darkness]

Ok, but where is declared this function?
I've copied your function with makefile but I've not found this function! :(

[Pirata Nervo]

I always get a undefined referrence for that function.
I have the sdk that comes with 3.80 m33-3 and I also downloaded the one which comes with 3.71 m33 to see if the the function was renamed but nop, it's not there too.

[darkness]

I'm trying with sceKernelLoadModuleMs2 (pspmodulemgr_kernel.h), I think is that function but the name is changed!
If it work I'll post the solution! ( :( not very good english I think)

[darkness]

Ok, I've builted the prx but I've not start it, I've a error, I've try with sceKernelLoadExec and pspSdkLoadStartModule...
( My programm is in user mode, is possible to start a prx in user mode? )
Here is the complete code:

Code: Select all

#include <pspsdk.h>
#include <pspkernel.h>
#include <systemctrl.h>
#include <systemctrl_se.h>
#include <pspkerneltypes.h>
#include <pspmodulemgr_kernel.h>
#include <apihook.h>
#include <string.h>
#include <stdio.h>

PSP_MODULE_INFO&#40;"LoaderPRX", PSP_MODULE_KERNEL, 1, 0&#41;;
PSP_MAIN_THREAD_ATTR&#40;0&#41;;

void executeEboot&#40;char *target&#41;
&#123;   
   struct SceKernelLoadExecVSHParam param;
   memset&#40;&param, 0, sizeof&#40;param&#41;&#41;;   
   param.size = sizeof&#40;param&#41;;
   param.args = strlen&#40;target&#41;+1;
   param.argp = target;
   param.key = "game";

   sctrlKernelLoadExecVSHMs2&#40;target, &param&#41;;   
&#125;

void reloadMain&#40;&#41;
&#123;
   executeEboot&#40;"ms0&#58;/PSP/GAME/Xplora v1.0/EBOOT.PBP"&#41;;
&#125;

int main_thread&#40;SceSize args, void *argp&#41;
&#123;
   SceModule *mod=0;
   SceUID uid = 0;

   /* Unload the loader to free user memory */
   while &#40;&#40;mod = sceKernelFindModuleByName&#40;"BootLoader"&#41;&#41;&#41;
   &#123;
      sceKernelStopModule&#40;mod->modid, 0, NULL, NULL, NULL&#41;;
      sceKernelUnloadModule&#40;mod->modid&#41;;
   &#125;

   // Hook exit game function
   mod= sceKernelFindModuleByName&#40;"sceLoadExec"&#41;;
   if&#40;mod&#41; apiHookByName&#40;mod->modid, "LoadExecForUser","sceKernelExitGame", reloadMain&#41;;    

   
   uid = sceKernelLoadModuleMs2&#40;"ms0&#58;/PSP/GAME/CXMBTCv0.3/Eboot.pbp", 0, NULL&#41;;


   uid = sceKernelStartModule&#40;uid, 36, argp, NULL, NULL&#41;;


   return sceKernelExitDeleteThread&#40;0&#41;;
&#125;

int module_start&#40;SceSize args, void *argp&#41;
&#123;
   SceUID th = sceKernelCreateThread&#40;"main_thread", main_thread, 8, 16*1024, 0, NULL&#41;;

   if &#40;th >= 0&#41;
   &#123;
      sceKernelStartThread&#40;th, args, argp&#41;;
   &#125;
   return 0;
&#125;

int module_stop&#40;SceSize args, void *argp&#41;
&#123;   
   return 0;   
&#125;

And Makefile:

Code: Select all

TARGET = loadprx
OBJS = main.o apihook.o libs.o

INCDIR =
CFLAGS = -O2 -Wall
CXXFLAGS = $(CFLAGS) -fno-exceptions -fno-rtti
ASFLAGS = $(CFLAGS)

BUILD_PRX = 1
PSP_FW_VERSION = 371

USE_KERNEL_LIBC = 1
USE_KERNEL_LIBS = 1

LIBDIR =
LIBS = -lpspmodulemgr_kernel -lpspsystemctrl_kernel
LDFLAGS = -mno-crt0 -nostartfiles

  <------------------------------------  Here you &#40; I think&#41; need to set env!
include $&#40;PSPSDK&#41;/lib/build.mak 

[Pirata Nervo]

I always get an error using this one:
sceKernelLoadModuleMs2
Unsupported prx type.

[psp.padawan]

The 3.71 M33 sdk I use is included in the 3.71 M33-3 archive. Ive uploaded some samples.

It is a cut down version of the bootloader and loadprx code from moonlight's hense sdk.
I also used the apihook sample files that Cpasjuste has given me.

http://www.mediafire.com/?nwswgyi9yyz

Run the boot loader sample. it will load the hello world sample and when you exit the hello world sample it will go back to the boot loader

[Pirata Nervo]

Thanks, It's the same function as sceKernelLoadModuleMs2()
I will give it a try later.

[darkness]

Pirata Nervo, my code works, I've try to launch the prx un Irshell and works very great!

[Pirata Nervo]

Cool :)
mine does not work lol.
I always get the error 8002012e.
From my patchexit.prx
but if I load the patchexit.prx from the sample it works.
I will load the bridge.elf instead of bridge.prx and load the patchexit.prx from the .elf.

Edit: the only way I found of getting it to work was:
create a bridge pbp and then read the path, written by NervOS into a file, and then pass it to patchexit.prx and then from patchexit.prx load the file path passed. lol this works

[darkness]

Yes, I'm working on this solution!
Thanks!

[Pirata Nervo]

I don't need, it's working for me and it's ok :)
Btw: Some homebrew is not loaded correctly and freeze on loading.

[darkness]

If you have a good solution can post it here?
I've try to start the eboot, but I get always error 80010002! :(

[Pirata Nervo]

that error means the eboot does not exist so you are passing the file path wrong.
Anyway I fixed my problem, I was not setting correctly a module ID

[darkness]

I've a stupid error!
I've writed this funct in my bootloader eboot!

Code: Select all

int main_thread(SceSize args, void *argp)
{
    char file[128];

    FILE* filedata;
    filedata = fopen("ms0:/log.txt", "r");
    fscanf(filedata,"%s",file);
    fclose(filedata);
    
    SceUID mod = sceKernelLoadModule("ms0:/krnlmod.prx", 0, NULL);

    if &#40;mod < 0&#41;
    &#123;	
        return_&#40;&#41;;
    &#125; 
    else
    &#123;
            mod = sceKernelStartModule&#40;mod, strlen&#40;file&#41;+1, file, NULL, NULL&#41;;

            if &#40;mod < 0&#41;
            &#123;
                    return_&#40;&#41;;
            &#125;
    &#125;

    return sceKernelExitDeleteThread&#40;0&#41;;
&#125;

What's bad? If I launch it the pbp writed in the text file is not loaded, but with this it works perfect!

Code: Select all

int main_thread(SceSize args, void *argp)
{
    char* file="ms0:/EBOOT.PBP";

/*
    FILE* filedata;
    filedata = fopen("ms0:/log.txt", "r");
    fscanf(filedata,"%s",file);
    fclose(filedata);
    
*/

    SceUID mod = sceKernelLoadModule("ms0:/myprx.prx", 0, NULL);

    if &#40;mod < 0&#41;
    &#123;	
        return_&#40;&#41;;
    &#125; 
    else
    &#123;
            mod = sceKernelStartModule&#40;mod, strlen&#40;file&#41;+1, file, NULL, NULL&#41;;

            if &#40;mod < 0&#41;
            &#123;
                    return_&#40;&#41;;
            &#125;
    &#125;

    return sceKernelExitDeleteThread&#40;0&#41;;
&#125;

?????
I think is a problem in the return of fscanf...
What's the problem?

[J.F.]

Well, your prxs have different names, and you don't bother checking if the file opened or not. Add that to the chance that your fscanf has a chance of overflowing your stack var and we all see that your coding skills need some work. :)

[darkness]

Excuse for the old name, but the second is a old funct and I've not changed the name, sorry...
I've already try to check if the file is opened and I've do a "printf" af the results and it is perfect, but is not perfect for pass it to the function sceKernelStartModule I think, but why?
J.F., I've already do the basic control, but the results says that the function it is perfect, but is not true...

[J.F.]

Put prints after each step along with a 3 second delay and see which part is going boom. In any case, you should probably be using fgets(), not fscanf(). It prevents stack overflows.

In case you aren't familiar with posix functions... http://www.opengroup.org/onlinepubs/799 ... fgets.html

You'll find all the normal posix file commands there.

[darkness]

The problem is not a overflow because the code works but it pass a wrong arg to the sceKernelStartModule, because the prx loaded is loaded but the file
is not loaded by the prx, and than ( I think ) the problem is in the fscanf that return a bad formatted string, I'll try to print all the caracter of the string as a integer and I'll see what appens

[Jim]

If that really is your code, you need to check and fix the compiler warnings that it is surely giving you on the fscanf line!
<edit>sorry, that's crap, but just watch you're not scanf'ing over a constant string.

Jim

[darkness]

????
I've try to printf the result string as integer and compare to the true string and it's equal, however I've coded a new solution, without write or read files...
Thanks to all! :)

[Pirata Nervo]

I ncase you don't know, Dax released a sample which comes with 4.0.1 SDK (from 4.0.1 m33 rar/zip)
the sample uses the sctrlKernelLoadExecVSHWithApitype function so no need for modules or anything at all. (besides the prx driver)
also, the patch is not lost

[darkness]

I've try to rebuilt the DAX example and it doesn't work for me...
but I've try to load my executables with sctrlKernelLoadExecVSHWithApitype and my patch is lost... why?
I've try to comment the sctrlKernelLoadExecVSHWithApitype for check if the patch works and it works great!!
The prx of DAX patch only the ExitGame function, nothing else but ( I've not try it) his patch is not lost!

EDIT:
The new sctrlHENLoadModuleOnReboot function works only on 4.01M33 or can used on 3.90 M33-3 fw ?

[Pirata Nervo]

The only thing that does not work for me is the UMD, so I created a prx which launches the umd with the load module function.

the sctrlLoadExecVSHWithApitype keeps the patch as far as I know (at least it works)
and yes it only patches the sceKernelExitGame function but you can patch anything else.

this function:
sctrlHENLoadModuleOnReboot
Only works on 4.0.1 M33-X

[darkness]

Thanks very much!
Now I know that the DAX example is only for 4.01, and then if I do sctrlLoadExecVSHWithApitype for load a module my patch is unloaded!
uff...

[Pirata Nervo]

Thanks very much!
Now I know that the DAX example is only for 4.01, and then if I do sctrlLoadExecVSHWithApitype for load a module my patch is unloaded!
uff...

your patch is not unloaded.
My bridge.pbp (based on dax sample and my old bridge.pbp) and my both prx(patchexit_driver.prx and umdexec.prx) work on 3.xx too.
As long as you don't use the sctrlHENLoadModuleOnReboot, it works

[darkness]

????
This function works because the prx is placed in memory and when launch a new app it's loaded from the memory...
But if I delete the sctrlHENLoadModuleOnReboot the patch is unloaded...
This is want I think, maybe it isn't true...

[Pirata Nervo]

????
This function works because the prx is placed in memory and when launch a new app it's loaded from the memory...
But if I delete the sctrlHENLoadModuleOnReboot the patch is unloaded...
This is want I think, maybe it isn't true...

not actually.
EVERYTHING you see(and what you can't see) on your psp is loaded into memory.

the prx is loaded into memory by the EBOOT.PBP (from bootload sample) but on my program from bridge.pbp.

the GAME4XX/bootload is only if you want to make the patch resident even if you are not running your program

[darkness]

I've tryed but it doesn't works without this funct,
however I'm working on a (I think) better solution!!
Thanks

[Pirata Nervo]

Yeh without this it does not work.

Code: Select all

SceUID fd = sceIoOpen("flash1:/NervOS/system/patchexit_driver.prx", PSP_O_RDONLY, 0);

	if &#40;fd < 0&#41;
	&#123;
		return 0;
	&#125;

	int size = sceIoLseek&#40;fd, 0, PSP_SEEK_END&#41;;
	sceIoLseek&#40;fd, 0, PSP_SEEK_SET&#41;;

	SceUID pid = sceKernelAllocPartitionMemory&#40;PSP_MEMORY_PARTITION_KERNEL, "", PSP_SMEM_Low, size, NULL&#41;;

	if &#40;pid < 0&#41;
		return 0;

	sceIoRead&#40;fd, sceKernelGetBlockHeadAddr&#40;pid&#41;, size&#41;;

	sctrlHENLoadModuleOnReboot&#40;"/kd/usersystemlib.prx", sceKernelGetBlockHeadAddr&#40;pid&#41;, size, BOOTLOAD_GAME | BOOTLOAD_POPS | BOOTLOAD_UMDEMU&#41;;

this is what makes the patch resident. The only way of keeping your path is using the loadmodule functions.